It was shown that the handling of the ALLOWED_INCLUDE_ROOTS setting,
used to represent allowed prefixes for the {% ssi %} template tag, is
vulnerable to a directory traversal attack, by specifying a file path
which begins as the absolute path of a directory in
ALLOWED_INCLUDE_ROOTS, and then uses relative paths to break free.

To exploit this vulnerability an attacker must be in a position to alter
templates on the site, or the site to be attacked must have one or more
templates making use of the ssi tag, and must allow some form of
unsanitized user input to be used as an argument to the ssi tag.

For the oldstable distribution (squeeze), this problem has been fixed in
version 1.2.3-3+squeeze7.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.5-1+deb7u3.